changing default port number for ssh

Rick · Post by **Rick** » 07 May 2009, 10:40

I'm using ssh to access my bubba two, and it will not let me save a revised ssh_config file in the /etc/ssh directory.

I am using super user (root login) and have attempted to change the default file permissions for the /etc/ssh directory and these attempts too have been blocked.

What do I need to do to save a ssh_config file with the parameters I wish to use, please?

I get non-stop hacking attempts if I leave port 22 open! It seems to be one of the most hacked ports on the net.

TIA

novis · Post by **novis** » 08 May 2009, 10:25

I think its sshd_config you need to change

Rick · Post by **Rick** » 08 May 2009, 12:47

novis wrote:I think its sshd_config you need to change

Thanks - but I still have the same problem with write access to the sshd_config file. I have made myself root - but the file won't copy over from my pc to the Bubba two.

I can copy the same file without a problem using the same set-up to another directory e.g. /home/storage/Docs. This has 777 permission mode - ie read and write for owner, group and other. The directory I am trying to copy the file to has 755 permission mode - ie write permissions denied for group and other.

As root, I would assume that I am owner anyway. I can't change the permissions either!

It seems to me that this version of Linux (Debian) must have some other master level permissions that is preventing me access to these files.

Anyone with any clues please?

Thanks

Eek · Post by **Eek** » 09 May 2009, 12:53

Hi
I don't really understand your problem
you login to the bubba2 using ssh or putty

Code: Select all

su -
cd /etc/ssh
vi sshd_config

and change
Port 22
into
Port 9999 (for example)
this does not work?
cheers
Eek

Rick · Post by **Rick** » 09 May 2009, 14:29

Eek wrote:Hi
I don't really understand your problem
you login to the bubba2 using ssh or putty
Code: Select all
su -
cd /etc/ssh
vi sshd_config
and change
Port 22
into
Port 9999 (for example)
this does not work?
cheers
Eek

I've just tried that using ssh client, and it just displays the contents of the file I would like to amend. It appears to me to be simply a display of the file contents - how does one amend the port 22 line item to port 12345?

Thanks for the input - I have no problem changing the port in Suse or Mandrake running on a PC using my ssh client. However it doesn't work with bubba/Debian for some reason....

It seems to me that Bubba would be far more secure if the default box was shipped with a high port number for ssh - with appropriate notification in the set-up guide. This would eliminate 99%+ of ssh hacking attempts. I don't think it matters if every Bubba Two ships with the same non-standard port - most hackers seem to be dumb and just working to a "formula".

Most of them seem to be in China, and they are attempting brute force attacks with totally dumb user ID and password combinations - it just annoys me to see the router LED flashing all the time:-) I know that changing port 22 would stop it - but how does one do this in bubba-land ????

Rick

Eek · Post by **Eek** » 09 May 2009, 15:42

I just tried mine
su -
vi /etc/ssh/sshd_config
change Port 22 into Port 12345
:wq
/etc/init.d/ssh restart

now i can connect on ssh port 12345

cheers
Eek

Rick · Post by **Rick** » 10 May 2009, 08:14

Eek wrote:I just tried mine
su -
vi /etc/ssh/sshd_config
change Port 22 into Port 12345
:wq
/etc/init.d/ssh restart

now i can connect on ssh port 12345

cheers
Eek

I have tried that. It doesn't work.

My problem is that when VI opens this file, it seems to be in read only mode. I can't edit it! (I haven't used any switches to make it read only). Which is consistent with the problem I am having copying an edited sshd_config file to the directory. It refuses to copy the file.

There must be some other master security file that is preventing SU from modifying files in this directory in my configuration.

ciao

Rick

Eek · Post by **Eek** » 10 May 2009, 08:55

can you do a ls -l /etc/ssh/*
and try doing a :w!

Rick · Post by **Rick** » 15 May 2009, 12:54

Eek wrote:can you do a ls -l /etc/ssh/*
and try doing a :w!

I get:

bubba:/home/ssh1# ls -l /etc/ssh/*
-rw-r--r-- 1 root root 2064867 2008-05-13 16:22 /etc/ssh/blacklist.DSA-1024
-rw-r--r-- 1 root root 2064867 2008-05-13 16:22 /etc/ssh/blacklist.RSA-2048
-rw-r--r-- 1 root root 132777 2008-07-21 14:40 /etc/ssh/moduli
-rw-r--r-- 1 root root 1424 2008-07-21 14:40 /etc/ssh/ssh_config
-rw-r--r-- 1 root root 1887 2008-09-23 15:16 /etc/ssh/sshd_config
-rw------- 1 root root 668 2008-09-23 15:16 /etc/ssh/ssh_host_dsa_key
-rw-r--r-- 1 root root 596 2008-09-23 15:16 /etc/ssh/ssh_host_dsa_key.pub
-rw------- 1 root root 1675 2008-09-23 15:16 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 392 2008-09-23 15:16 /etc/ssh/ssh_host_rsa_key.pub
bubba:/home/ssh1# :w!
bash: :w!: command not found
bubba:/home/ssh1# :w!
bash: :w!: command not found
bubba:/home/ssh1#

Not sure if I understand the :w! command

Rick

Eek · Post by **Eek** » 15 May 2009, 13:10

verify you are root

Code: Select all

id

this should give:

uid=0(root) gid=0(root) groups=0(root)

maybe you should use nano instead of vi

Code: Select all

nano /etc/ssh/sshd_config

change the portnumber and save the file

cheers
Eek

pa · Post by pa » 19 May 2009, 01:30

I think that this might be a 'vi' issue, if you are not used to 'vi' try using an editor that is a bit more "user friendly" such as 'nano'

Code: Select all

su
nano /etc/ssh/sshd_config

/etc/init.d/ssh restart

/PA